‘Doom Eternal’ Is Using Denuvo’s New Kernel-Level Anti-Cheat Driver

Doom Eternal has become the latest game to use a kernel-level driver to aid in detecting cheaters in multiplayer matches,” reports Ars Technica: The game’s new driver and anti-cheat tool come courtesy of Denuvo parent Irdeto, a company once known for nearly unbeatable piracy protection and now known for somewhat effective but often cracked piracy protection. But the new Denuvo Anti-Cheat protection is completely separate from the company’s Denuvo Anti-Tamper technology… The new Denuvo Anti-Cheat tool rolls out to Doom Eternal players after “countless hours and millions of gameplay sessions” during a two-year early access program, Irdeto said in a blog post announcing its introduction. But unlike Valorant’s similar Vanguard system, the Denuvo Anti-Cheat driver “doesn’t have annoying tray icons or splash screens” letting players monitor its use on their system. “This invisibility could raise some eyebrows,” Irdeto concedes.

To assuage any potential fears, Irdeto writes that Denuvo Anti-Cheat only runs when the game is active, and Bethesda’s patch notes similarly say that “use of the kernel-mode driver starts when the game launches and stops when the game stops for any reason….”

“No monitoring or data collection happens outside of multiplayer matches,” Denuvo Anti-Cheat Product Owner Michail Greshishchev told Ars via email. “Denuvo does not attempt to maintain the integrity of the system. It does not block cheats, game mods, or developer tools. Denuvo Anti-Cheat only detects cheats.” Greshishchev added that the company’s driver has received “certification from renown[ed] kernel security researchers, completed regular whitebox and blackbox audits, and was penetration-tested by independent cheat developers.” He said Irdeto is also setting up a bug bounty program to discover any flaws they might have missed.

And because of Denuvo Anti-Cheat’s design, Greshishchev says the driver is more secure than others that might have more exposure to the Internet. “Unlike existing anti-cheats, Denuvo Anti-Cheat does not stream shell code from the Web,” Greshishchev told Ars. “This means that, if compromised, attackers can’t send down arbitrary malware to gamers’ machines….”

If a driver exploit is discovered in the wild, Greshishchev told Ars that revocable certificates and self-expiring network keys can be used as “kill switches” to cut them off.